
Untitled

a guest
Feb 13th, 2017
  1. Imports System.Data
  2. Imports System.Data.OleDb
  3. Imports System.Data.SqlClient
  4. Imports System.Text.RegularExpressions
  5.  
  6. Partial Class inputvalidationMaster
  7. Inherits System.Web.UI.MasterPage
  8.  
  9. ' LOGIN BUTTON
  10. Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click
  11. Dim connAuthenticate As New SqlConnection
  12. connAuthenticate.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings("cis491ConnectionString").ConnectionString
  13. connAuthenticate.Open()
  14. Dim strSQL As String = "SELECT * FROM Students WHERE Username = '" & tbUsername.Text & "' and Password = '" & tbPassword.Text & "'"
  15. Dim drAuthenticate As SqlDataReader
  16. Dim cmdAuthenticate As New SqlCommand(strSQL, connAuthenticate)
  17. drAuthenticate = cmdAuthenticate.ExecuteReader()
  18. If drAuthenticate.Read() Then
  19. lblLogin.Text = "Welcome! "
  20. sqlDSGradesUser.SelectCommand = "SELECT * FROM Grades WHERE StudentID = " & drAuthenticate.Item("StudentID")
  21. sqlDSGradesUser.DataBind()
  22. gvGradesUser.DataBind()
  23. sqlDSStudentsAll.SelectCommand = "SELECT * FROM Students"
  24. gvStudentsAll.DataBind()
  25. sqlDSGradesAll.SelectCommand = "SELECT * FROM Grades"
  26. gvGradesAll.DataBind()
  27. gvGradesUser.Visible = True
  28. gvStudentsAll.Visible = False
  29. gvGradesAll.Visible = False
  30. lblGradesUser.Visible = True
  31. lblStudentsAll.Visible = False
  32. lblGradesAll.Visible = False
  33. lblSQLStatement.Visible = True
  34. lblSQL.Text = strSQL
  35. Else
  36. lblLogin.Text = "Login Failed."
  37. End If
  38. End Sub
  39.  
  40. ' RESET BUTTON
  41. Protected Sub btnReset_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnReset.Click
  42. tbUsername.Text = ""
  43. tbPassword.Text = ""
  44. lblLogin.Text = ""
  45. lblSQL.Text = ""
  46. MessageLabel.Text = ""
  47. MessageLabel2.Text = ""
  48. gvGradesUser.Visible = False
  49. gvStudentsAll.Visible = False
  50. gvGradesAll.Visible = False
  51. lblGradesUser.Visible = False
  52. lblStudentsAll.Visible = False
  53. lblGradesAll.Visible = False
  54. lblSQLStatement.Visible = False
  55.  
  56. End Sub
  57.  
  58. 'VALIDATION
  59. Protected Sub SubmitButton_Click(sender As Object, e As EventArgs)
  60.  
  61. ' Determine which button was clicked.
  62. Select Case (CType(sender, Button)).ID
  63.  
  64. Case "btnLogin"
  65. MessageLabel.Text = ""
  66. MessageLabel2.Text = ""
  67.  
  68. ' Validate only the controls used for the city query.
  69. reqName.Validate()
  70.  
  71. If reqName.IsValid Then
  72. reqPass.Validate()
  73. If reqPass.IsValid Then
  74. MessageLabel.Text = "Thanks for being ethical."
  75. End If
  76.  
  77. End If
  78.  
  79.  
  80.  
  81. Case "blacklistbutton"
  82. MessageLabel.Text = ""
  83. MessageLabel2.Text = ""
  84.  
  85. ' Validate only the controls used for the state query.
  86. blacklistuser.Validate()
  87.  
  88. ' Take the appropriate action if the controls pass validation.
  89. If blacklistuser.IsValid Then
  90.  
  91. blacklistpass.Validate()
  92. If blacklistpass.IsValid Then
  93. MessageLabel.Text = "Thanks for being ethical."
  94. End If
  95.  
  96. End If
  97.  
  98. Case "whitelistbutton"
  99. MessageLabel.Text = ""
  100. MessageLabel2.Text = ""
  101.  
  102. ' Validate only the controls used for the state query.
  103. whitelistuser.Validate()
  104.  
  105. ' Take the appropriate action if the controls pass validation.
  106. If whitelistuser.IsValid Then
  107.  
  108. whitelistpass.Validate()
  109. If whitelistpass.IsValid Then
  110. MessageLabel.Text = "Thanks for being ethical."
  111. End If
  112.  
  113. End If
  114.  
  115. Case "sanitizationbutton"
  116. MessageLabel.Text = ""
  117. MessageLabel2.Text = ""
  118. MessageLabel.Text = "User (sanitized): " & CleanInput(tbUsername.Text)
  119. MessageLabel2.Text = "Pass (sanitized): " & CleanInput(tbPassword.Text)
  120.  
  121.  
  122. Case "htmlbutton"
  123. MessageLabel.Text = ""
  124. MessageLabel2.Text = ""
  125. MessageLabel.Text = "User (encoded): " & Server.HtmlEncode(tbUsername.Text) & " (Look at source code)"
  126. MessageLabel2.Text = "Pass (encoded): " & Server.HtmlEncode(tbPassword.Text) & " (Look at source code)"
  127. 'literaluser.Mode = LiteralMode.Encode
  128. 'literaluser.Text = tbUsername.Texts
  129.  
  130. End Select
  131.  
  132.  
  133.  
  134. End Sub
  135.  
  136. 'SANITIZATION
  137. Function CleanInput(strIn As String) As String
  138. ' Replace invalid characters with empty strings.
  139. Try
  140. Return Regex.Replace(strIn, "[^\w\.@-]", "")
  141. ' If we timeout when replacing invalid characters,
  142. ' we should return String.Empty.
  143. Catch e As System.TimeoutException
  144. Return String.Empty
  145. End Try
  146.  
  147. End Function
  148.  
  149.  
  150.  
  151.  
  152.  
  153. End Class